DETAILED ACTION

Claims 1-39 have been considered. 



Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for
the rejections under this section made in this Office action:
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b),
by another filed in the United States before the invention by the applicant for patent or (2) a
patent granted on an application for patent by another filed in the United States before the
invention by the applicant for patent, except that an international application filed under the treaty
defined in section 351(a) shall have the effects for purposes of this subsection of an application
filed in the United States only if the international application designated the United States and
was published under Article 21(2) of such treaty in the English language.




Claims 1,5-14,18-27, and 31-39 are rejected under 35 U.S.C. 102(e) as being anticipated by 
D'Sa, U.S. Patent Application Publication No. 2002/0178355. 



As per claims 1,14, and 27, the applicant describes a data processing system for defining a
configuration of IP security tunnels comprising the following limitations which are met by D'Sa:

a) a security policy specification format capable of being utilized by a plurality of different
operating systems and a plurality of different machine types ([0041],[0047]-[0048],Fig 2);

b) said system for automatically configuring an IP security tunnel utilizing said security policy
specification format ([0042],[0047]-[0048],Fig 2);



As per claims 5-11,18-24, and 31-37, the applicant describes the system of claims 1,14, and 27, 
which are met by D'Sa (see above), with the following limitations which are met by D'Sa: 
a) a root element ([0070]);
b) a protection element ([0099]);
c) a transform element ([0090], [0153]);
d) a group element ([0065]);
e) an identification element ([0066]);
f) a tunnel element ([0138], [0139], [0177]);
g) a local/remote identify element ([0058], [0061]);
h) an ID type element ([0066]);
i) an ID definition element ([0067]);
j) a pre-shared key element ([0099]);
k) an IPsec proposal element ([0071], [0072]);
l) an IPsec authentication header element ([0146]);
m) an IPsec protection element ([0146]);



As per claims 12-13,25-26, and 38-39, the applicant describes the system of claims 1,14, and 27,
which are met by D'Sa (see above), with the following limitation which is met by D'Sa:

Further comprising the step of automatically configuring an IP security tunnel utilizing said
security policy specification format ([0040] and [0041]);

As described by D'Sa, security tunnels are configured and stored in a database wherein a user 
can reconnect and have a security tunnel automatically reconfigured according to parameters in the 
database. This is done through a process in which first and second security policies are compared and 
the policy and tunnel which is applicable to the local-remote computer pair is used. 


Claims 1,14, and 27 are rejected under 35 U.S.C. 102(e) as being anticipated by Bendinelli, U.S. 
Patent No. 6,631,416. 



As per claims 1,14, and 27, the applicant describes a data processing system for defining a
configuration of IP security tunnels with the following limitations which are met by Bendinelli:

a) a security policy specification format capable of being utilized by a plurality of different
operating systems and a plurality of different machine types (Col 17, lines 36-63);

b) said system for automatically configuring an IP security tunnel utilizing said security policy
specification format (Col 17, lines 36-63);

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

Claims 2-4,15-17, and 28-30 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Bendinelli in view of Pfeiffer (Pfeiffer, Ralf I. March 2, 1999. XML Tutorials for Programmers, retrieved
from http://www.informatik.hu-berlin.de/-xinq/Lib/RIP-writinq.pdn).

As per claims 2-4,15-17, and 28-30, the applicant describes the system of claims 1,14, and 27, 
which are met by Bendinelli (see above), with the following limitation which is met by Bendinelli in view of 
Pfeiffer: 

Further comprising said security policy specification format being established as a DTD file 
(Bendinelli: Col 17, lines 36-63; Pfeiffer: pages 5-6); 

Bendinelli discloses all the limitations of independent claims 1,14, and 27. However, Bendinelli 
discloses that the security policy specification format is established as an XML file, not a DTD file. Pfeiffer 
discloses that a DTD file commonly stores policy and rules. Combining Pfeiffer with Bendinelli would 
allow the security policy specification format to be stored in a DTD file instead of an XML file. It would 
have been obvious to one of ordinary skill in the art at the time the invention was filed to incorporate the 
ideas of Pfeiffer with those of Bendinelli because a DTD file is another means to store a security policy 
specification format and DTD files typically store policy and rules.

Response to Arguments

Applicant's arguments, see Remarks, filed 7/20/05, with respect to the 112 rejections have been 
fully considered and are persuasive. The 112 rejections have been withdrawn. 


Applicant's arguments with respect to the rejection of the independent claims (1,14, and 27) 
under D'Sa have been fully considered but they are not persuasive. The applicant presents a series of 
arguments which are summarized below, none of which are persuasive. 

The applicant first argues that D'Sa does not teach "a security policy specification format capable
of being utilized by a plurality of different operating systems and a plurality of different machine types".
The examiner disagrees. D'Sa provides a method for preventing a user from having to manually set up
an IP security tunnel by storing the information needed to automatically configure the IP security tunnel in
a security policy specification format in a VPN configuration database. The security policy specification
format includes specifics utilized in configuring the IP security tunnel including proposal information,
transform information, encryption information, etc. The VPN configuration database uses the IP
addresses of the computers wishing to establish the IP security tunnel to retrieve the corresponding
necessary information. The examiner points the applicant to the following passage of D'Sa:

"If the pair was found in the endpoints table, decision branches to "yes" branch whereupon a
policy corresponding to the local-remote pair is selected from the policy table. The policy includes a
proposal list with separate initiator and responder proposals. Proposals have general characteristics, like
lifetimes and transform names. Transforms include specific encryption algorithms, hash algorithms, and
authentication methods being proposed. A determination is made as to whether a corresponding policy
was found" [0048].

This security policy specification format is capable of being utilized by a plurality of different operating
systems and machine types which span a plurality of virtual private networks (Figs 1,2, and 3). The
examiner also notes that Figs 1,2, and 3 of D'Sa illustrating the invention are identical to Figs 1,2, and 3
of the applicant and that the paragraph cited above is found word-for-word in page 16, lines 15-31 of the
applicant's specification.

The applicant presents a second argument that D'Sa's system does not automatically configure
the IP security tunnel utilizing the security policy specification format. The examiner disagrees. The VPN
configuration database is used in the system to store a security policy specification format which is
utilized to automatically construct an IP security tunnel. This prevents the user from having to manually
set up the tunnel every time a connection is made. The only time the user does manually configure the
tunnel is the initial configuration or when the VPN configuration database determines that the address
pair is not registered in the VPN configuration when the VPN configuration database tries to retrieve
necessary information to set up the IP security tunnel [0047].

The applicant presents a third argument that "D'Sa actually teaches away from the presently
claimed invention because it teaches utilization of a list of already configured tunnels in the Endpoints
table" (See Remarks page 9). The examiner fails to understand this argument as the passages the
applicant is referring to are word for word in the applicant's specification. Compare D'Sa [0047]-[0052]
with the applicant's Specification page 15, line 22 to page 18, line 22. Additionally Figs 4 and 5 of D'Sa
present a flow chart of how the IP security tunnel is configured which are identical to Figs 4 and 5 of the
applicant's specification.

Applicant's arguments with respect to the rejection of the independent claims (1,14, and 27)
under Bendinelli have been fully considered but they are not persuasive. The applicant argues that
Bendinelli does not teach "automatically configuring IP security tunnels by establishing a security policy
specification format capable of being utilized by a plurality of different operating systems and a plurality of
different machine types". The examiner disagrees. Bendinelli discloses an invention that satisfies the
same goal of the applicant of decreasing the burden of a user associated with having to manually
configure an IP security tunnel (Col 3, lines 39-45). Bendinelli accomplishes this task in part by allowing
the user to set up an IP security tunnel configuration via a control system. The control system then
provides the information necessary to set up the IP security tunnel to the user in an XML file on a disk
which the user can insert into a computer to automatically configure an IP security tunnel. The IP security
tunnel can be formed between a control system and a personal computer, hence a plurality of different
machine types/operating systems.



Applicant's arguments with respect to dependent claims 6,11,16,24, and 29 have been fully
considered but they are not persuasive. The applicant argues that D'Sa does not teach a protection
element that includes a listing of Internet Key Exchange transforms. D'Sa does teach a protection
element as D'Sa teaches sending a list of transforms [0088] to install data protection in the system. D'Sa
also discloses that this list of transforms includes key transforms for negotiating the particular key used.



Applicant's arguments with respect to claims 11,24, and 37 have been fully considered but they
are not persuasive. The applicant argues that D'Sa does not teach certain features of the claim. The
examiner disagrees. D'Sa does disclose these elements in the context of Internet Protocol Security.
Specifically, D'Sa teaches that phase 2 processing takes place via Internet Protocol Security proposals
and negotiations [0195]. Specifically these may be a proposal element [0144], an authentication header
element [0146], an ESP element [0148], and a protection element [0146].

Applicant's arguments with respect to claims 12-13,25-26, and 38-39 have been fully considered 
but they are not persuasive. The examiner notes that this argument has already been discussed (see the 
examiner's remarks regarding the rejection of the independent claims under D'Sa). 


Applicant's arguments with respect to the 103 rejection have been fully considered but they are
not persuasive. The applicant argues motivation. The examiner disagrees. There is motivation to store
the security policy specification format in a DTD file instead of an XML file because a DTD file is another
common means of storing a format, such as a security policy specification format, and it is well-known
that a DTD file typically stores policy and rules.



Conclusion

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth
in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from 
the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date 
of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
shortened statutory period, then the shortened statutory period will expire on the date the advisory action 
is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Kevin Schubert whose telephone number is (571) 272-4239. The examiner can normally 
be reached on M-F 7:30-6:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Emmanuel Moise can be reached on (571) 272-3868. The fax phone number for the organization where 
this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 